On June 30, 2021, the Financial Crimes Enforcement Network (FinCEN) provided an update on implementation of the Anti-Money Laundering Act of 2020 (AML Act) and issued the first government-wide priorities for anti-money laundering and countering the financing of terrorism (AML/CFT) policy (Priorities). The Priorities, released on the AML Act’s six-month anniversary, identify and describe the most significant AML/CFT threats in FinCEN’s view, and may help financial institutions and other covered entities focus on and allocate resources to high-risk areas.

The AML Act, effective as of January 1, 2021, amended the Bank Secrecy Act (BSA), which provides the framework for the prevention and detection of money laundering and the financing of terrorism. The legislation required FinCEN to issue AML/CFT priorities, mandated creation of an ultimate beneficial ownership register, strengthened the government’s ability to seek foreign bank records, updated the BSA’s whistleblower program, and required other rulemaking and programs affecting financial institutions’ compliance with the BSA.^[1]

FinCEN’s 180-day AML Act Implementation Update (Update) sets forth a list of FinCEN’s achievements since January 1, 2021 and specifically notes FinCEN’s progress on implementing the closely watched ultimate beneficial ownership register.^[2] The Corporate Transparency Act (CTA), which is part of the AML Act, requires certain corporations, limited liability companies, and similar entities to file reports with and keep current information about their beneficial ownership with FinCEN. In April 2021, as noted in the Update, FinCEN issued an Advance Notice of Proposed Rulemaking seeking public comment on the implementation of the ultimate beneficial ownership register.^[3] The CTA requires FinCEN to promulgate rules related to the beneficial ownership register no later than January 1, 2022.

The Update also referenced the Priorities. Section 6101(a) of the AML Act requires the Secretary of the Treasury to publish “public priorities for anti-money laundering and countering the financing of terrorism policy” within 180 days after the law’s enactment and update the priorities at least once every four years thereafter.^[4] FinCEN has an additional 180 days after the June 30, 2021 release to promulgate rules to carry out those Priorities.^[5] The Priorities identify the most significant AML/CFT threats as: (1) corruption; (2) cybercrime, including relevant cybersecurity and virtual currency considerations; (3) foreign and domestic terrorist financing; (4) fraud; (5) transnational criminal organization activity; (6) drug trafficking organization activity; (7) human trafficking and human smuggling; and (8) proliferation financing.

While FinCEN’s press release specifies that the Priorities are not listed in any particular order, it is notable that corruption, which is a priority for the Biden administration, is the first Priority listed. The Priorities observe that “corrupt actors and their financial facilitators may seek to take advantage of vulnerabilities in the US financial system to launder money and obscure the proceeds of crimes.” The Priorities also reference the June 3, 2021 National Security Study Memorandum issued by President Biden, which discusses corruption’s debilitating effect on stability and economics and states that “[i]t has been estimated that corruption reduces global gross domestic product by between 2 and 5 percent. Corruption, both domestic and foreign, threatens US national security by eroding citizens’ faith in government, distorting economies, and weakening democratic institutions.”^[6]

The second Priority—cybercrime, including cybersecurity and virtual currency—builds on the Biden administration’s existing focus on this area. FinCEN has recently issued advisories regarding cybercrime, including an October 2020 advisory intended “to alert financial institutions to predominant trends, typologies, and potential indicators of ransomware and associated money laundering activities.”^[7] The Priorities’ inclusion of cybercrime, which includes “social engineering, software vulnerability exploits, and network attacks,” is unsurprising. The United States and companies continue to struggle with cybercrime “as evidenced by recent attacks on the nation’s fuel and food supplies.” Last month, for example, a cyberattack led to massive shortages at US gas stations, and just last Friday, thousands of victims in at least 17 countries were infected by the single biggest global ransomware attack on record. Likely with the assistance of financial institutions, the US Department of Justice was able to recover $2.3 million of the nearly $5 million in cryptocurrency ransom that the company paid in response to last month’s attack.^[8] As noted in the Priorities, “developing cohesive and consistent policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds” may “disrupt and deter” ransomware actors. Financial institutions can play a key role in this process because, as the Priorities observe, “[c]overed institutions are uniquely positioned to observe the suspicious activity that results from cybercrime, including cyber-enabled financial crime.”

The Update also noted that, as required by Section 6305(a) of the AML Act, FinCEN presented its assessment to Congress on June 28, 2021 regarding whether it would be helpful to establish a process by which FinCEN could issue “no-action letters.” Establishing a process for no-action letters (which agencies such as the Securities and Exchange Commission and the Office of Foreign Assets Control already use) would allow an entity to submit an inquiry about how the BSA and other AML laws would apply in a particular situation. In additional to providing comfort to the submitting party, FinCEN also would be able to communicate its stance on practical applications of the AML laws to the public. FinCEN’s report to Congress concludes that “a no-action letter process would be a useful complement to its current forms of regulatory guidance and relief”.^[9]

Of particular interest to many of our readers, the Update also noted that FinCEN will continue to actively engage with its government partners and the public in the future as it promulgates rules on the no-action letter process to “ensure [that] all constructive feedback” from its constituencies are considered. The authors are actively monitoring this process and would be pleased to answer any questions.

***

FinCEN had a busy week, but there are a few key takeaways from FinCEN’s activities for banks and other covered financial institutions:.

• First, FinCEN is required to promulgate rules within the next 180 days to inform financial institutions as to how they should incorporate the Priorities into their risk-based AML programs. The Priorities cover an incredibly broad range of issues and could have far-reaching consequences for financial institutions. Financial institutions should therefore monitor and consider participating in the rule-making process by submitting comments.
• Second, the AML Act does not require FinCEN to update these Priorities before 2025. Accordingly, financial institutions should carefully consider the Priorities and incorporate them into their compliance programs, including their AML risk assessments, as regulators will likely be focusing on these areas over the next several years.

[View source.]